REMARKS 



The Office Action dated April 11, 2005, has been carefully reviewed and 
the following remarks are submitted in response thereto. Claims 1-12 and 21-26 are 
pending in the application. Claim amendments are submitted herein providing 
corrected dependencies of claims 24-26 in confirmation of the previous examiner's 
amendment. 

The rejection of claims 1-12 and 21-26 under 35 USC 1 12 as failing to 
comply with the written description requirement is respectfully traversed. 

The rejection states that "the specification does not disclose a directory 
server where a directory is stored or a directory server coupled with the authorization 
server." On the contrary, the directory server is explicitly taught and described in the 
specification and drawings. As stated on page 1, lines 9-13, "the invention relates to 
the use of dynamic directory services (DDS) to dynamically store information in a 
directory server that can be used for authentication, application authorization, and user 
profiling purposes to eliminate the need for numerous authorization and access control 
schemes with a single standard directory based set of applications." Figure 1 shows a 
plurality of directory servers numbered 1 through n. The directory servers are shown 
being connected to authorization servers 16 via a communication network 22 (page 4, 
lines 19-23). The specification states that the "directory may reside on any 
conventional computing device such as one or more network computers or server 
computers." Any such server containing the directory is a directory server. Thus, the 
application discloses both the directory server and its connection with the 
authorization server in compliance with 35 USC 1 12. 

The rejection further states that "the specification does not indicate how a 
directory server is used to authenticate or authorize the user data, create a shopping 
cart, selecting items to be purchased, or how other applications access the object on 
the directory server." Contrary to these assertions, the specification provides adequate 
teaching of each of these uses of the invention. As explained from page 6, line 26, to 
page 7, line 2, the authorization server 16 creates an object and stores it in the 
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directory (i.e., directory server 20). The object is given a name relating to the session 
ID and the authorization server copies information from a user profile database to the 
object. Page 7, lines 8-15 explain that other applications use the session ID to read 
user information that has been copied to the object. In the example given from page 7, 
line 23, to page 8, line 13, a cookie named SID is created in the user's browser and 
other applications access this cookie in order to locate the object associated with the 
user. This description is sufficiently detailed to enable one skilled in the art to practice 
the invention to authenticate other applications. Likewise, the example given at page 
8, lines 14-29, teaches the use of the object stored in the directory server for creating a 
shopping cart and selecting items for purchase in conformance with 35 USC 1 12. 

In view of the foregoing, the objection in the office action to applicant's 
reliance on statements about "a directory on a directory server", "the directory server 
permits . . .", and " the ability of additional applications to access the object for the 
computer user on the directory server" is clearly erroneous. Such concepts are well 
supported by the specification, and the rejection should be withdrawn. 

The rejection of claims 1-4, 7-10, 21, and 24 under 35 USC 102(e) as being 
anticipated by Alegre et al is respectfully traversed. In the method and system of 
claims 1 and 7, an object associated with the Session ID is stored dynamically in a 
directory on a directory server coupled with the authorization server. The directory 
server permits other computer applications launched by the computer user to reference 
the Session ID on the user's computer. The other computer applications access the 
object for the computer user on the directory server to authenticate or authorize the 
user for the other computer applications. The ability of additional applications to 
authenticate or authorize directly with the directory server achieves important 
advantages such as reducing network overhead. 

Applicant respectfully points out that Alegre et al fails to teach all the 
claimed limitations or their equivalents. The final rejection argues that column 5, line 
48, to column 6, line 49, of Alegre et al teaches a directory server that permits other 
computer applications launched by the computer user to reference the session ID on 
the user computer. However, the disclosure in Alegre et al fails to correlate with the 
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claimed method or system. The rejection fails to provide an explanation of what other 
applications are launched in Alegre et al. In fact, Alegre et al has no teaching 
whatsoever of multiple applications that each requires its own separate authorization. 
Therefore, there is likewise no teaching of using a directory to store an object accessed 
by more than one application for purposes of authentication. Therefore, claims 1-4, 7- 
10, 21, and 24 are allowable over Alegre et al. 

The rejection of claims 5, 6, 11, and 12 under 35 USC 103(a) as being 
unpatentable over Alegre et al in view of Hartman et al is respectfully traversed. 
Hartman fails to correct for the deficiencies in Alegre. Therefore, claims 5,6, 11, and 
12 are allowable. 

The rejection of claims 22, 23, 25, and 26 under 35 USC 103(a) as being 
unpatentable over Alegre et al in view of Blanco et al is respectfully traversed. Blanco 
et al does not use LDAP or X.500 to access objects having the limitations recited in 
the present claims. Thus, Blanco et al fails to correct for the deficiencies in Alegre et 
al, and claims 22, 23, 25, and 26 are allowable. 

In view of the foregoing amendment and remarks, claims 1-12 and 21-26 
are respectfully submitted to be in condition for allowance. Favorable action is 
respectfully solicited. 
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